AI Safety Risk Discovered When Reducing Model Memory
In brief
- Researchers have uncovered a critical issue: compressing large language models (LLMs) to reduce their memory footprint can unintentionally compromise their safety.
- By evaluating eleven instruction-tuned models across five benchmarks, they found that low-bit quantization often leads to significant decreases in the ability of these AI systems to refuse harmful or unsafe requests.
- For instance, Mistral-7B experienced a 15.2% drop in refusals when its memory was reduced by just a small margin.
- The core problem is that safety features are more vulnerable to quantization noise than other aspects of the model.
- Safety-related activations occupy a lower-dimensional subspace, making them highly susceptible to disruption.
- This discovery has led researchers to develop Per-Channel Reduction (PCR), a diagnostic tool that identifies three distinct failure modes.
- PCR not only predicts the correct mitigation strategies but also successfully recovers up to 97% of lost alignment in some cases.
- This breakthrough offers hope for safer AI deployment by providing a practical, training-free solution that requires minimal computational resources and memory overhead.
- As AI adoption grows, such tools will be essential for maintaining model safety while optimizing performance.
Terms in this brief
- Quantization: A technique used to reduce the memory and computational requirements of AI models by simplifying their numerical representations. This can make models faster and more efficient but may sometimes lead to a loss in accuracy or functionality, especially in critical areas like safety.
Source: arXiv cs.LG
More briefs
AI Pioneer Yann LeCun Challenges Current AI Models
Yann LeCun, a Turing Award winner, says current AI models are limited. He thinks they need a new approach to reach human-level intelligence. He is building a startup called Advanced Machine Intelligence with $1.03 billion in funding. The company wants to create "world models" that learn from reality and predict what happens next. LeCun's new approach could lead to more intelligent systems that can plan and reason like humans.
AI Model Accused of Being a Merge
A company claims a new AI model is not original. It says the model is a mix of its own model and another one. The model is said to be 60 percent from one source and 40 percent from another. This matters because it affects how people trust AI. The company found this out by testing the model and looking at its code. The company will likely take further action to address this issue now.
AI Safety Research Reveals Surprising Insights into Gemini’s Behavior
Google's DeepMind team has uncovered unexpected findings about how AI models like Gemini are shaped. Their research shows that most of Gemini's safety features come from its pre-training and fine-tuning phases, not other training methods like reinforcement learning. This is a big shift from what they initially thought. The study found that when they removed the fine-tuning process (SFT) from Gemini, the model’s behavior didn’t change much on safety tests. This suggests that pre-training plays a crucial role in determining how safe and reliable AI systems are. However, the team also discovered that certain unwanted behaviors can still pop up even after filtering out bad examples during training. Looking ahead, DeepMind plans to focus more on improving the fine-tuning process to enhance model safety. They’re also working on better ways to identify and prevent behaviors that slip through the cracks despite these filters. This research could help make AI systems more predictable and trustworthy in the future.
New Attack Tricks AI Coding Agents
A new class of attack can trick artificial intelligence coding agents into running malicious code on developer machines. The attack can expose sensitive data without relying on methods like phishing. It works by injecting crafted input into error events, which are then interpreted by coding agents as legitimate steps. A successful attack can expose environment variables, Git credentials, and private repository URLs. Developers will need to find ways to protect themselves from this new type of attack.
AI Alignment Crisis: Most Safety Experts Not Focusing on Ensuring Superintelligent AIs Follow Human Instructions
A recent analysis reveals that the majority of AI safety experts are not working on ensuring superintelligent AIs align with human values, a critical task known as "alignment." While some groups, like the Alignment Research Center and Sequent, focus on this issue, they represent a small fraction of the broader AI safety community. Most others engage in indirect work such as capability evaluations, risk assessments, and policy development. This lack of direct alignment efforts raises concerns about how prepared we are for advanced AI systems. Currently, only a few projects like COT-monitoring aim to make current models behave well, which might help with future alignment challenges. While this work is valuable, it’s not enough to ensure that superintelligent AIs will follow human instructions. The AI community needs to prioritize more direct alignment research to avoid potential risks as AI capabilities grow. Watch for upcoming discussions and initiatives addressing this critical gap in AI safety efforts.